Jump to content
Sign in to follow this  
maruk

Secure ID progress

Recommended Posts

Server admins are welcome to use new more reliable secure player id system. Please place requiredSecureId=1;

to your server config to help us testing this system and read

http://www.bistudio.com/english/company/developers-blog

for more detailed information.

Please note that this system is ready for many betas now but only recently all player ids are properly recognized and entire infrastructure running.

Edited by Dwarden
added ;

Share this post


Link to post
Share on other sites

Having set "requiredsecureid=1"

When connecting to server im having pretty long "wait for host"

then "registration failed: time out was reached"

Share this post


Link to post
Share on other sites

It seems the server mentioned in the blog did not survive the load and it is already down. I recommend not using requiredsecureid until we check and fix the issue.

Share this post


Link to post
Share on other sites
It seems the server mentioned in the blog did not survive the load and it is already down. I recommend not using requiredsecureid until we check and fix the issue.

I can still see some player id traffic on the server. I have identified an issue causing the timeout, it should be resolved shortly (I will notify you here once it is done). Meanwhile I kindly ask server admins to use requireSecureId=0 until it is fixed to prevent more players failing id validation.

Share this post


Link to post
Share on other sites
I can still see some player id traffic on the server. I have identified an issue causing the timeout, it should be resolved shortly (I will notify you here once it is done). Meanwhile I kindly ask server admins to use requireSecureId=0 until it is fixed to prevent more players failing id validation.

This is the kind of situation where Twitter could be useful. :D

Share this post


Link to post
Share on other sites

The server problem should be fixed. The problem was a badly designed JPQL query, which was about 100x slower than it should be. Brave server admins may want to use requireSecureId=1 again.

Share this post


Link to post
Share on other sites

I see no secure ids issued since my last post, but I can see some server are using it (and have some players). How does it look from the server side now? Are the players reported to have registration failed or ?

Share this post


Link to post
Share on other sites

Issue fixed (access rights on the server did not allow access to the service at all, and the failure was badly reported), server should be running OK (and I already see 50 verified IDs issued).

Share this post


Link to post
Share on other sites

I activate this parameter on my event dedi-server for tonight.

We had played with round about 50 players. 4 of them aren't able to connect the server. (without any error message on screen or .rpt)

I'm got a message at first server connection: "Registration failed: RSS connect error" but all works fine for me.

I registered many "lost connections" along the players - more than normal. But no .rpt messages, too.

Share this post


Link to post
Share on other sites

We are at 3500 secure ids issued with 42 servers running secured ids, no anomalies observed, everything seems to be working fine and smooth.

Share this post


Link to post
Share on other sites

Suma thanks for the update. I have enabled Mode 1 yesterday on 9 of our servers.

Could you please share information where messages of failed verifications would be logged? The Server console output? The RPT file?

I'd like to have a look for potential problems/cheaters but I was unable to find any messages related to secure ID yet

Share this post


Link to post
Share on other sites
Could you please share information where messages of failed verifications would be logged? The Server console output? The RPT file?

I'd like to have a look for potential problems/cheaters but I was unable to find any messages related to secure ID yet

You would see it in the server console between the connecting and connected messages. If there are no messages about any failures there, it means nobody without a valid certificate has connected to your server.

Share this post


Link to post
Share on other sites

We are now over 20000 of secured ids, with over 80 servers using the features . A new beta 99700 changes default to requiredSecureId=1, therefore we should see much faster adoption rate soon. We shall see if the server will still handle the load (it should).

We also have first ID banned because it was registered by too many distinct players - more of this will most likely come soon as well.

Share this post


Link to post
Share on other sites

So I should just add the requiredsecureid=1 to my server cfg when I update to the latest beta tonight?

Thanks

Share this post


Link to post
Share on other sites
So I should just add the requiredsecureid=1 to my server cfg when I update to the latest beta tonight?

Thanks

Not really needed in the latest beta as this is now the default settings (so no difference if it is there or not, you can use 0 or 2 if you want no or full secure id level).

Share this post


Link to post
Share on other sites
Will there be an upcoming linux beta shortly. Or is this feature already in current beta?

This feature is already present in all 1.62 servers, however before the 99700 it needs to be enabled manually by specifying requiredSecureId=1 in the server.cfg.

Share this post


Link to post
Share on other sites

Every time I join a server running this, it says my ID is unregistered and there was a SSL connection error. Next beta you might want to make the error message a bit more specific, many things can go wrong during an SSL/TLS handshake

Share this post


Link to post
Share on other sites

This sounds like either Port 443 outgoing is blocked at your end, or you have some kind of SSL man-in-the middle appliance/attack in your network which presents invalid certificats.

Share this post


Link to post
Share on other sites
Every time I join a server running this, it says my ID is unregistered and there was a SSL connection error. Next beta you might want to make the error message a bit more specific, many things can go wrong during an SSL/TLS handshake

Are you aware if there is perhaps anything special or unusual about the way you access the web (http/protocol)? Does your web browser has any proxy set up for the connection? When you try to access https://is.bistudio.com/BICDKeys in your browser, what do you see?

Share this post


Link to post
Share on other sites
Are you aware if there is perhaps anything special or unusual about the way you access the web (http/protocol)? Does your web browser has any proxy set up for the connection? When you try to access https://is.bistudio.com/BICDKeys in your browser, what do you see?

Nothing unusual about how I access the web, when I open that link in my web browser it works fine. I'll try ArmA 2 OA Beta in a bit and post a screenshot if it errors again.

Screenshot:

http://img.ctrlv.in/50d12a7d43ed6.jpg (162 kB)

SSL Connect error is very non-descript, even just adding an error code generated by whatever library you're using would make this so much easier to debug.

Edited by mmavipc

Share this post


Link to post
Share on other sites
Screenshot:

http://img.ctrlv.in/50d12a7d43ed6.jpg (162 kB)

SSL Connect error is very non-descript, even just adding an error code generated by whatever library you're using would make this so much easier to debug.

Build 100258 should contain extended reports logged into the .rpt file in case of any HTTP errors. Please, try this version and post the rpt section corresponding to the is.bistudio.com connection here or send it directly to me via person message.

Share this post


Link to post
Share on other sites
Build 100258 should contain extended reports logged into the .rpt file in case of any HTTP errors. Please, try this version and post the rpt section corresponding to the is.bistudio.com connection here or send it directly to me via person message.

Build 100258 isn't out yet, but I captured packet with wireshark: https://dl.dropbox.com/u/3925811/ssl.pcap

With the SSL private key you should be able to decrypt them, and that encrypted alert at the end.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×